Friday, May 1, 2009
How to Remove APF firewall
First stop the running firewall:
/etc/init.d/apf stop
Then flush the iptables rules and remove every APF file, including the cron job. Two cautions before you do: iptables -F only flushes the rules and does not reset the chain policies, so if APF left the INPUT policy at DROP, flushing would cut off your own SSH session; set the policies back to ACCEPT first (iptables -P INPUT ACCEPT, and likewise for OUTPUT and FORWARD). And unregister the service with chkconfig before you delete the init script, because chkconfig needs /etc/rc.d/init.d/apf to exist in order to find the service (--del also removes the rc symlinks that --level 345 apf off would leave behind).
/sbin/chkconfig --del apf
iptables -F
rm -rf /etc/apf
rm -rf /usr/local/sbin/apf
rm -rf /etc/rc.d/init.d/apf
rm -rf /var/log/apf_log
rm -rf /var/log/apfados_log
Now remove the daily cron entry that restarts APF:
vi /etc/cron.daily/fw
Find and remove this line:
/etc/rc.d/init.d/apf restart >> /dev/null 2>&1
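The removal procedure above as a single script, added here as an example; it is not from the original post or from APF. It assumes GNU sed and a CentOS/RHEL-style layout (chkconfig, /etc/rc.d/init.d). The optional root-prefix argument is an assumption of this example: it lets the file and cron steps be rehearsed against a scratch directory, while a real run as root passes no argument and also stops the service and opens the firewall before tearing it down.

```shell
#!/bin/sh
# Added example (not from the original post or APF): remove APF without
# locking yourself out. The optional argument is a root prefix for rehearsal;
# with no argument the functions act on the real filesystem.
set -u

# Open the firewall before deleting APF. `iptables -F` alone keeps the chain
# policies; if APF left INPUT at DROP, flushing would drop every packet,
# including the SSH session you are typing in.
open_firewall() {
    command -v iptables >/dev/null 2>&1 || { echo "iptables not found, skipping" >&2; return 0; }
    for chain in INPUT OUTPUT FORWARD; do
        iptables -P "$chain" ACCEPT
    done
    iptables -F   # flush all rules in the filter table
    iptables -X   # delete APF's user-defined chains (empty after -F)
}

# Delete the line that restarts APF from /etc/cron.daily/fw, if present,
# instead of editing it by hand in vi. '#' is the sed delimiter because the
# pattern itself contains slashes.
remove_apf_cron() {
    cron="$1/etc/cron.daily/fw"
    [ -f "$cron" ] || return 0
    sed -i '\#/etc/rc.d/init.d/apf restart#d' "$cron"
    # drop the file entirely if APF's line was all it held
    [ -s "$cron" ] || rm -f "$cron"
}

remove_apf() {
    root="${1:-}"   # "" means the real root filesystem
    # Stop and unregister the service while the init script still exists:
    # chkconfig needs /etc/rc.d/init.d/apf to find the service.
    if [ -z "$root" ] && [ -x /etc/init.d/apf ]; then
        /etc/init.d/apf stop
        /sbin/chkconfig --del apf 2>/dev/null
    fi
    if [ -z "$root" ]; then
        open_firewall
    fi
    rm -rf "$root/etc/apf"
    rm -f "$root/usr/local/sbin/apf" "$root/etc/rc.d/init.d/apf" \
          "$root/etc/init.d/apf" \
          "$root/var/log/apf_log" "$root/var/log/apfados_log"
    remove_apf_cron "$root"
}

# Print any APF artifact still present under the prefix; empty output = clean.
apf_leftovers() {
    root="${1:-}"
    for p in /etc/apf /usr/local/sbin/apf /etc/rc.d/init.d/apf \
             /var/log/apf_log /var/log/apfados_log; do
        [ -e "$root$p" ] && echo "$p"
    done
    grep -l 'init.d/apf' "$root/etc/cron.daily/fw" 2>/dev/null || true
}
```

Run `apf_leftovers` afterwards; it should print nothing. Rehearse with a scratch prefix first (for example `remove_apf /tmp/fake-root`) so the sed expression and paths are checked before touching the live host.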
How to Install APF (Advanced Policy Firewall)
Be careful when choosing which ports to open and which to block. If you aren't sure, you may lock yourself out; keep a second SSH session open while you test, and do not close it until you have confirmed that a fresh connection still works with the firewall running.
Installation
1) Log in as the root user
2) Download the APF source from r-fx.ca:
wget http://www.r-fx.ca/downloads/apf-current.tar.gz
3) Extract the tar.gz
tar -xzvf apf-current.tar.gz
4) Enter the extracted directory (its name carries the version number, so there is no apf-current/ directory)
cd apf-*/
5) Run the installer
./install.sh
After installation you have to configure the firewall yourself, deciding which ports to open and which to block. The configuration file is /etc/apf/conf.apf.
Installed paths:
Configuration File: /etc/apf/conf.apf
Binary: /usr/local/sbin/apf
Start/Stop: /etc/init.d/apf (start|stop|restart)
Log: /var/log/apf_log
Antidos conf file: /etc/apf/ad/config.antidos
You can also control it from the command line:
apf -s (start)
apf -r (restart)
apf -f (flush the rules, i.e. stop)
6) Modify the APF config file
vim /etc/apf/conf.apf
First look for the line that says
DEVEL_MODE="1"
Leaving this option at "1" makes APF flush its own rules again every 5 minutes, which is a safety net while you are testing (a bad rule set cannot lock you out for long) but means the firewall never stays up. Once the rules are right, change it to "0".
So replace 1 with 0 so the line looks like this:
DEVEL_MODE="0"
Next, take a look at the allowed inbound TCP ports. You should see something like
IG_TCP_CPORTS="22,80,443"
Notice that port 22, the default SSH port, is open. If you have moved SSH to a non-default port, replace 22 with that port (check the Port directive in /etc/ssh/sshd_config); if the port sshd listens on is missing from this list, you lock yourself out the moment the firewall starts. You can leave port 80 (HTTP) and 443 (HTTPS) open if you plan on running a website.
Any other port you want to open goes into this comma-separated list (UDP services go into the IG_UDP_CPORTS line instead).
By default APF does not filter outbound traffic. If you would like to change that, look for the following line
EGF="0"
and change its value to "1". On the lines directly below it you should see the allowed outbound ports
EG_TCP_CPORTS="21,25,80,443"
Adjust these if you have enabled outbound filtering (and check EG_UDP_CPORTS too: it must contain 53, or DNS lookups from the server stop working), then save the firewall config. Now add the firewall to the boot sequence and start it:
chkconfig --add apf
chkconfig --level 345 apf on
/etc/init.d/apf start
APF Firewall for VPS Servers:
If you run APF inside a VPS (an OpenVZ-style container), it may fail with "eth0: Device not found", because the container's network interface is venet0 rather than eth0, and with "unable to load iptables module", because a container cannot load kernel modules. Both are fixed in the configuration file. Find the following lines and set them like this (no spaces around the "=", or the shell will not parse the assignment):
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"
SET_MONOKERN="1" tells APF that iptables support is compiled into the kernel so it does not try to modprobe anything; without it you get the "unable to load iptables module" error on a VPS. Keep DEVEL_MODE="1" while you test the rules on the VPS, then set it back to "0" as described above.
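One script that applies the conf.apf edits from step 6 and the VPS settings above, and refuses to turn DEVEL_MODE off until the port sshd actually listens on is in IG_TCP_CPORTS. This is an added example, not code from APF or the original post. The function names, the explicit file-path arguments (so the functions can be rehearsed on copies of the files), and the sshd_config parsing (last Port directive wins, default 22) are assumptions of the example; the guard only understands single ports in IG_TCP_CPORTS, not APF's port-range syntax.

```shell
#!/bin/sh
# Added example (not from APF or the original post): edit conf.apf with sed
# instead of by hand, and guard against locking yourself out of SSH.
# All paths are explicit arguments so the functions can be tried on copies.
set -u

# Set KEY="VALUE" in an APF-style config (one KEY="..." per line).
# Matches with or without spaces around "=", so it also repairs the
# IFACE_IN = "venet0" form that the shell would reject.
set_conf() {
    key="$1"; value="$2"; conf="$3"
    if grep -q "^${key}[[:space:]]*=" "$conf"; then
        sed -i "s|^${key}[[:space:]]*=.*|${key}=\"${value}\"|" "$conf"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$conf"
    fi
}

# Read the quoted value of KEY from the config (last occurrence wins).
get_conf() {
    sed -n "s|^${1}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*|\1|p" "$2" | tail -n 1
}

# Port sshd listens on: last "Port" directive in sshd_config, else 22.
ssh_port() {
    p=$(sed -n 's/^[[:space:]]*Port[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1" | tail -n 1)
    echo "${p:-22}"
}

# Lockout guard: 0 if the SSH port is listed in IG_TCP_CPORTS, 1 otherwise.
ssh_allowed() {
    conf="$1"; sshd="$2"
    port=$(ssh_port "$sshd")
    ports=$(get_conf IG_TCP_CPORTS "$conf")
    case ",${ports}," in
        *",${port},"*) return 0 ;;
        *) echo "SSH port $port not in IG_TCP_CPORTS=\"$ports\"; not enabling APF" >&2
           return 1 ;;
    esac
}

# The edits from the post. DEVEL_MODE stays "1" (auto-flush every 5 minutes)
# until the rule set has been verified. vps=yes adds the venet0/MONOKERN
# settings for an OpenVZ-style container.
configure_apf() {
    conf="$1"; sshd="$2"; vps="${3:-no}"
    set_conf DEVEL_MODE 1 "$conf"
    set_conf IG_TCP_CPORTS "$(ssh_port "$sshd"),80,443" "$conf"
    if [ "$vps" = yes ]; then
        set_conf IFACE_IN venet0 "$conf"
        set_conf IFACE_OUT venet0 "$conf"
        set_conf SET_MONOKERN 1 "$conf"
    fi
}

# Final step once a fresh SSH login has been confirmed with the rules loaded:
# switch DEVEL_MODE off, but only if the guard passes.
go_live() {
    ssh_allowed "$1" "$2" || return 1
    set_conf DEVEL_MODE 0 "$1"
}
```

On a real host the calls are `configure_apf /etc/apf/conf.apf /etc/ssh/sshd_config yes` (drop the `yes` on a dedicated server), then `apf -r`, then, from a new SSH session that succeeded, `go_live /etc/apf/conf.apf /etc/ssh/sshd_config && apf -r`.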